Create a self-signed SSL certificate for Nginx

If your application has any sort of login page or transmits sensitive information, it’s wise to make those sections accessible only via HTTPS. Even if your site has no sensitive information, it’s worth considering using HTTPS as Google now considers it a ranking signal.

For any pages a general user will access, you’ll want to use an SSL certificate signed by a reputable third party to avoid browser warnings. There are a number of vendors out there offering certificates, but free personal certificate from StartSSL will probably work fine for non-commerce sites.

Self-signed SSL certificates

If you’re just testing SSL or have an application that you alone access, a self-signed certificate could be an easy temporary solution. A self-signed SSL certificate will provide encryption but not identity verification.

Browsers will display warnings when the certificate is used so you’ll definitely not want to use these on public-facing content.

Generate your self-signed SSL certificate

I place my SSL certificates in /srv/ssl, but other locations can be used depending on your Linux distribution, configuration, or personal preference. Here, we create /srv/ssl if it doesn’t already exist, create our certificate and private key, and adjust the key’s permissions.

Configure Nginx

With your self-signed SSL certificate created, here’s the basic Nginx server block needed to use it. This example listens on all IPv4 addresses on port 443. IPv6 can be supported be adding or substituting listen [::]:443 ssl.